logo
Shop

Get the highlights.

Bright Screen

3128x64 pixel OLED screen

Numeric Keypad

Entering pin is easy & quick

Sliding Cover

Protects screen and prevents
hardware implants

NFC-V Compatible

Tap to transmit all data types

Ultrasecure

Real crypto security chips

Let’s have some fun

Secure doesn't have to be boring. The COLDCARD Mk4 comes in a variety of colors to match your style.

Let’s have
some fun

Secure doesn't have to be boring. The COLDCARD Mk4 comes in a variety of colors to match your style.

Shop Colors

Connectivity

Different ways to connect
your COLDCARD — OFF, by default

USB-C Connector

The industry-standard for transmitting both data and power over a single cable.

AirGap SneakerNET

Maximum security when transferring data between devices.

NFC Tap

Secure & very short-range wireless transmission that sends data to your phone easily

Virtual Disk

COLDCARD can emulate a USB disk drive, so sending PSBT files can be a drag-n-drop.

NFC Push
Transaction

PushTx allows single-tap broadcast of freshly-signed transactions from COLDCARD to a phone.

Rugged & Sleek
Protective cover

Like the classic calculators from our childhoods: slide the protective cover down, reverse, and slide back onto the rear. Saves your screen from damage!

Powered by

Sleep Like a Baby
Technology™

Best-in-class security built in all of
our COLDCARD products.

Image 1 Image 2 Image 3 Image 4 Image 5 Image 6

  • Q Mk4

    Dual Secure Element for Key Storage

    We find it quite scary that some hardware wallets trust the main microprocessor with their most valuable secrets. Instead, COLDCARD uses two Secure Elements, from different vendors, to protect your Bitcoin.

    Specifically, the COLDCARD uses Microchip's ATECC608 and Maxim's DS28C36B, to store the critical master secret: the 24-word seed phrase for your BIP39 wallet.

    For your funds to be compromised, a backdoor would need to exist for 3 different chips: both the Secure Elements, and the main microprocessor.

  • Q Mk4

    Genuine vs. Caution Lights

    To resist Evil Maids, and other sneaky people with physical access to your COLDCARD, we sign our firmware with a factory key. During boot-up, the firmware's signature, and nearly every byte of flash memory, will be verified and the appropriate Green/Red light set.

    Changing that light's status is actually controlled by dedicated circuitry connected directly to a Secure Element, so a rogue bit of software cannot override it. The circuit for the lights is exposed on the top surface of the product, so any physical tampering by those maids will be visible as well.

  • Q Mk4

    Anti-phishing Words

    The PIN code on COLDCARD is divided into two parts, such as 1234-5678. You first enter 1234 and then you will be shown two words on-screen. Those words are unique for all PIN prefixes, and for each COLDCARD ever made. (The secrets used to enforce that come from inside the secure element, and are unknown to the rest of the world.)

    Your job is to memorize those two words, keep them secret, and every time you use the COLDCARD, check them before entering the final 5678 part of your PIN. This protects you against a trojan-horse COLDCARD that might look like yours but it cannot know those two words.

  • Q Mk4

    Physical Security

    The carefully designed PCB increases the SE probing difficulty. Our clear case is part of our security model too, so you can look and see if a "hardware implant" has been inserted inside your device.

    Because of the in-depth use of the secure elements, there is no "factory reset" for the COLDCARD. If you forget your COLDCARD PIN, there is nothing we can do except remind you to recycle your e-waste responsibly!

    We've even put a label, "SHOOT THESE", for more effective device destruction... When the time comes.

  • Q Mk4

    Air Gap Operation

    COLDCARD never needs to touch a computer. It can work entirely from a USB power pack or AC power adapter. This includes everything you need to do in the whole life of the product:

    • Initial PIN choosing and setup.

    • Pick your 24-seed words using our TRNG, import existing secrets, or use your dice rolls.

  • Q Mk4

    Dice Roll and Provable Bitcoin Seed Generation

    If you don't trust our random number generator, you can generate the BIP39 seed phrase using dice rolls. We help with this process: you just have to press 1–6 for each roll (99 rolls recommended). At the end of that process, you'll have a properly-encoded seed phrase based solely on the dice rolls. Learn how to verify COLDCARD's dice-rolls math here.

Trick Pin

Trick PIN Features

COLDCARD has even more tricks up its sleeve!

Duress PIN

You may define an optional "duress PIN code". If anyone enters that PIN code, instead of the "real" PIN code, nothing special is shown on the screen and everything operates as normal... However, the bitcoin key generated is not the main key. It is effectively a completely separate wallet!

To take best advantage of this feature, you should put some Bitcoin into the duress wallet. How much you are willing to lose or what you need to make it plausible, we don't know.

The "duress" wallet will still be derived from the original BIP39 words, so you don't need to back it up separately, but there will be no way to get from that wallet back to the original wallet with the real funds in it.

Countdown to Brick PIN

This is a covert variation of the BRICK ME PIN mode. It forces a time delay (of minutes/hours/days) when logging into the Coldcard.

But once set, unlike the normal countdown, this special mode covertly bricks the Coldcard (or, optionally merely wipes the seed). Again, this may form some part of your game-theory for duress situations, but is completely optional.

The goal of this mode is to provide plausible deniability of a required time delay (similar to Bank's safes), while denying the attacker a functional device in case they take it away.

BIP39 Passphrases (25th word)

We support BIP39 passphrases so you can also create an unlimited supply of distraction wallets. This feature is also useful for your own organization of funds or accounts. Unlike the single duress PIN, an unlimited number of related wallets can be created using BIP39.

Brick Me PIN

Another PIN can also be defined, which we call the “Brick Me” PIN. Using that PIN code at any PIN prompt, will destroy the dual secure element and render your Coldcard worthless. Again, this may form some part of your game-theory for duress situations, but is completely optional.

Login Countdown

Force a time delay when logging into the Coldcard. Once enabled, you must enter the PIN correctly, and then wait out a forced delay (of minutes/hours/days) while a countdown is shown on-screen. Then enter your PIN correctly, a second time, to get in.

SUPPLY CHAIN PROTECTTION

Getting an uncompromised
product into your hands

Unique Bag Number

We use a unique tamper-evident plastic bag to package your new COLDCARD. Each bag is unique and coded with a serial number. That "bag number" is written into the COLDCARD's as it's put into its bag. That value cannot be changed, and we ask your to verify the bag number when you power-up the COLDCARD for the first time.

Clear Case

The clear plastic case on COLDCARD is an important feature as well. There have been demonstrations of inserting custom hardware inside a competitor's hardware wallet to capture key-presses.

LEARN EVEN MORE

Video Walkthroughs

How to Clone/Migrate from Mk4 to COLDCARD Q

Mar 12, 2024

Tutorial: NFC Push Tx

Jun 26, 2024

Tutorial: Applying a Passphrase

Jul 10, 2024

Creating a bitcoin multisig wallet with Nunchuk, TAPSIGNER and COLDCARD

Jun 30, 2023

Spanish guide: COLDCARD Mk4 Tutorial

Jun 29, 2023

Italian guide: Bitcoin Core + COLDCARD

May 30, 2023